DevOps Security Engineer (Senior)

Decentralized Masters operates a profitable education and investment ecosystem and is building a portfolio of Web3 software products, including a non-custodial wallet and trading infrastructure. This role sits within a small, senior engineering team responsible for securing products that interact with high-value digital assets across global users.

The Dev Ops Security Engineer owns the end-to-end security posture, testing systems, and infrastructure reliability across all shipped products. The position combines application security, QA systems, and cloud infrastructure ownership (AWS, CI/CD, monitoring), with additional responsibility for contributing production code when core systems are stable. This is a high-ownership role aligned with web3 security roles where system integrity directly impacts user trust and platform continuity.

Responsibilities

• Own security posture across all products, including wallet, trading systems, and future platforms
• Conduct penetration testing, vulnerability assessments, and threat modeling aligned with OWASP methodologies
• Ensure coverage of OWASP Top 10 across application security testing, reviews, and deployments
• Perform security-focused code reviews across frontend, backend, and infrastructure
• Implement and manage secrets management systems and access control policies
• Build incident response playbooks and lead response and post-mortem processes
• Monitor Web3-specific attack vectors including phishing, wallet exploits, API compromises, and supply chain risks
• Coordinate external audits and penetration testing engagements
• Design and implement testing strategies including unit, integration, end-to-end, API, and regression testing
• Build automated testing frameworks and CI quality gates
• Define and track quality metrics such as test coverage and regression detection
• Execute security test cases across authentication, authorization, validation, and financial data flows
• Perform white-box and black-box testing across full-stack systems
• Maintain AWS infrastructure using Infrastructure as Code (Terraform or Cloud Formation)
• Own CI/CD pipelines including automated testing, security scanning, and deployment
• Harden infrastructure across IAM, networking, containers, and environment isolation
• Implement monitoring, logging, and alerting systems
• Ensure audit trails and production reliability
• Contribute to frontend and backend codebases with a security-first approach
• Participate in architecture discussions and code reviews with focus on reliability and testability

Requirements

• 5+ years of software engineering experience with hands‑on security and QA work
• Fullstack development experience across frontend (React or equivalent) and backend (Node.js, Python, Go, or equivalent)
• Experience in penetration testing and vulnerability assessment across web, APIs, and cloud systems
• Strong knowledge of OWASP standards including Top 10 and secure coding practices
• Experience building automated test frameworks integrated into CI/CD pipelines
• AWS experience (EC2, ECS/EKS, Lambda, VPC, IAM, S3, RDS, Cloud Front, WAF)
• Infrastructure as Code experience (Terraform, Cloud Formation, or Pulumi)
• Experience with Docker and Kubernetes in production
• Proficiency in Bash and Python scripting
• Experience with secrets management tools (Vault, AWS Secrets Manager, or similar)
• Familiarity with tools such as Burp Suite, OWASP ZAP, Selenium, Cypress, Jest, or Postman
• Strong communication skills for explaining security and quality tradeoffs

Nice-to-have

• Security certifications (OSCP, CISSP, Security+, AWS Security Specialty)
• Experience in crypto, DeFi, Web3, or fintech companies
• Familiarity with Web3 security risks such as wallet security and phishing mitigation
• SDET or hybrid development‑testing background
• Experience with financial system testing (payments, ledgers, transaction monitoring)
• Knowledge of zero‑trust architectures
• Participation in bug bounty programs or open‑source security tools

Compensation & Benefits

• Competitive salary (not specified)
• Performance‑based incentives tied to retention and LTV
• Remote work setup
• Direct exposure to founders
• Team offsites
• High ownership role with system‑level impact